17

Please excuse the frustrating undertones as I have attempted to get this set up correctly multiple times to no avail (possibly and most likely due to my ignorance, but also likely due to the lack of thorough and concise documentation).

I am trying to set up a git server so that I can share code amongst a small team of developers. Each developer may connect from multiple client PCs. I come from MS in the past so I am a bit spoiled in regards to development toolset, but it would be awesome if I could get something similar to TFS.

When trying to set up either gitosis (I understand this is deprecated for the git community per https://serverfault.com/questions/225495/ubuntu-server-gitosis-user-naming-convention) or gitolite, it seems as though as soon as I set it up I have to be extremely careful because it seems everything is balancing on toothpicks.

My latest attempt to set up a git server included moving my public key (benny.pub) from my laptop to the server, setting everything using that public key and pulling down the config to set up a repo and permissions. I then realized I want to develop on another PC so I created a new key (benny@desktop.pub) and renamed benny.pub to benny@laptop.pub which screwed things up obviously. This is where I know I was dumb by changing the name.

My question after a long-winded description is this: how can I set up a sturdy self-hosted git server with the ability to have multiple developers log in from multiple machines while maintaining security, etc? There has to be a proven technique (gitolite describes maybe 4-5 different ways...also frustrating) to do this as I'm sure I'm not the only one trying to do this exact same thing. Maybe git isn't right for my team?

Any help is greatly appreciated!

Benny
  • 1
    Take gitolite, with the "from-client method": http://stackoverflow.com/questions/5041067/gitolite-git-clone-error/5041898#5041898. Works like a charm. – VonC Apr 09 '11 at 20:12
  • 1
    Also, in my opinion it is not a horrible thing to share SSH keys between systems, such as laptops and desktops. As long as each one is secure, and most importantly that the key has a passphrase. – Mike Cooper Apr 26 '11 at 22:08

6 Answers

15

From my experience, all you need is an SSH server with a single git account/login that you are able to connect to using one of your public keys. Install gitolite using SSH (copies gitolite from your client to the server & does the basic setup) and have your developers send you their public keys. Add these keys to the gitolite-admin repository in your ~ and push.

Why does a developer need more than one keypair in the first place, even if multiple machines are used? Such cases will neither influence how SSH handles authentication nor how gitolite handles authorization: they're still SSH keys.

  • If a developer has to use several keypairs (one for git, another for some other server), let them handle the complexity and advise them to create an entry in ~/.ssh/config for each keypair/server combination they use.

  • If a developer has a different keypair on every machine used, gitolite groups can combine several public keys:

    @agross = agross-1 agross-2

Alexander Groß
  • 1
    There is no longer an option of installing gitolite through ssh. I recommend this article for gitolite + GitLab (nice UI for gitolite): http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ Note that this is for Debian, but should be similar on other systems – glebm Jun 29 '12 at 23:23
  • @glebm What do you mean "There is no longer an option of installing gitolite through ssh"? That's the default protocol. – webXL Jun 18 '13 at 23:44
  • @webXL He was talking about *installation*, not *accessing* the Git server once it is installed. As of today, Gitolite does not provide means to install through SSH. You may SSH into your server yourself, though. – Alexander Groß Jun 22 '13 at 11:35
4

A couple of pointers:

The section about git on the server on Scott Chacon's pro git book

Gitorious is FOSS

Rom1
2

I maintain a gitosis config at work, and when a developer has multiple ssh keys, all I have to do is put all these keys in the same keydir/user.pub file.

So concatenate all your keys into keydir/benny.pub and you should be all set.

adl
  • 1
    I don't understand how this can work. When I try that, it's written: "WARNING: a pubkey file can only have one line (key); ignoring user.pub". So no, it can't work. – tito Nov 15 '11 at 11:48
  • Are you using gitolite or gitosis? My answer is only for gitosis, which is what we use at work. (Gitolite works differently and wants several keys in separate files.) – adl Nov 15 '11 at 18:42
2

There are a few open source git hosting solutions with a web-based UI for creating repositories and adding users (like GitHub:FI)... though I don't know about restricting access:

HTH

Jakub Narębski
1

I am using Debian with every developer having an account on the server. I use ssh with private key login. Finally, a developer has to use a URL like ssh://username@example.com/git-repo/repo.git to check out or in any case interact with git on the repo.

Ashwini Dhekane
  • 3
    You don't need to have a login for each developer. SSH/gitolite can handle several people behind a single git@server login, all of which are identified by their own SSH public key. – Alexander Groß Apr 09 '11 at 23:58
  • @Alexander, can you please describe how? – Benny Apr 10 '11 at 14:20
  • 2
    @Benny It's pretty simple: SSH only does the authentication, gitolite only handles authorization and the git protocol. A dev's public key is registered in the `git` user's `~/.ssh/authorized_keys`. SSH will authorize/allow the dev to log in with the `git` account. `~/.ssh/authorized_keys` also contains the "shell" to be run, which refers to gitolite's main script with the user name as the parameter. This script contains the authorization parts (it reads gitolite's config file) and will also handle the repo access. – Alexander Groß Apr 10 '11 at 17:34
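
The mechanism described in the comment above, where each key in the shared git account's authorized_keys is tied to a forced command carrying the user name, can be checked with a short audit. This is an added example, not part of the original thread and not gitolite's own code; the script path, the placeholder key blobs and the set of restriction options it looks for are assumptions, and the sample file is constructed.

```python
# Added example: audit a shared git account's authorized_keys (constructed data).
REQUIRED = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def split_options(line):
    """Split one authorized_keys line into (options, key part), honouring quotes."""
    if line.startswith(KEY_TYPES):
        return [], line                       # no options field at all
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1         # escaped quote inside a value
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur); cur = ""
        elif ch == " " and not quoted:
            break                             # options end at the first bare space
        else:
            cur += ch
        i += 1
    return opts + [cur], line[i:].strip()

def audit(text):
    """Return ({user: key count}, [(line number, finding)]) for the file text."""
    users, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, _key = split_options(line)
        names = {o.split("=", 1)[0].lower() for o in opts}
        cmd = next((o.split("=", 1)[1] for o in opts
                    if o.lower().startswith("command=")), "").split()
        if len(cmd) < 2:                      # assumed form: "<script> <user>"
            findings.append((n, "no forced command naming a user"))
            continue
        users[cmd[-1]] = users.get(cmd[-1], 0) + 1
        missing = set() if "restrict" in names else REQUIRED - names
        if missing:
            findings.append((n, "missing " + ",".join(sorted(missing))))
    return users, findings

SAMPLE = """\
# constructed sample; key blobs are placeholders, the script path is an assumption
command="/home/git/bin/gitolite-shell benny",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAplaceholder1 benny@laptop
command="/home/git/bin/gitolite-shell benny",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAplaceholder2 benny@desktop
command="/home/git/bin/gitolite-shell agross",no-pty ssh-rsa AAAAplaceholder3 agross-1
ssh-rsa AAAAplaceholder4 admin@workstation
"""
```

Calling audit(SAMPLE) counts two keys for benny (laptop and desktop resolve to one identity) and reports the under-restricted key and the key that would get the account's login shell.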
0

I think the problem is that your ssh client (Windows or Linux version) is not finding the key file. I had the same problem and solved it this way:

  • On my notebook, I generated the key file (rafael.nicoletti@mycorporation) in the ~/.ssh folder (where ~ is the home folder; the Windows version is the %HOME% env)
  • I added a file named config in ~/.ssh with the following content:

    IdentityFile ~/.ssh/rafael.nicoletti@corporation

In every location I want to access my git servers from, I just copy those files into my %HOME% folder.

You can also put some things like this in the config file:

    IdentityFile /d/identity.key
    IdentityFile /e/identity.key
    IdentityFile /f/identity.key
    IdentityFile /.../identity.key

So the config will look for keys on removable media.